Unfortunately, I think my reference to DDOS attacks has distracted
from the underlying issue.
PF allows a rule like this:
pass in proto tcp from any to any port www keep state (max 100,
source-track rule, max-src-states 3)
(adapted from the man page)
We want this rule:
pass in proto tcp from a
On 20.08.2012 18:27, Jason Hellenthal wrote:
All of the methods listed in more recent messages are just fine of
methods to *somewhat* handle the DDoS on the hosts being attacked.
- *But* -
The only way you are going to take care of this is going to your
provider at the next level and aski
All of the methods listed in more recent messages are just fine of
methods to *somewhat* handle the DDoS on the hosts being attacked.
- *But* -
The only way you are going to take care of this is going to your
provider at the next level and asking them for assistance. Most of the
addresses you
On Mon, Aug 20, 2012 at 12:07 PM, Kevin Wilcox wrote:
> Rather than block on the number of states, take a look at dropping
> based on the number of connections over some time delta.
>
> Specifically, max-src-conn and max-src-conn-rate.
Anything based on the source address is ineffective as the nu
David,
Have you looked at *optimization* at the link below? Maybe it helps you.
http://www.openbsd.org/faq/pf/options.html
On Mon, Aug 20, 2012 at 12:53 PM, J David wrote:
> Hello,
>
> We experience frequent DDOS attacks, and we're having a tough time
> mitigating them with pf. We have plenty of ban
On Mon, Aug 20, 2012 at 11:53 AM, J David wrote:
> However, the nature of a DDOS attack is that there is not a single
> source IP. The source IP is either outright forged or one of a large
> number of compromised attacking hosts. So what I really want to do is
> have a "max-dst-states" rule tha
Hello,
We experience frequent DDOS attacks, and we're having a tough time
mitigating them with pf. We have plenty of bandwidth and processing
power, we just can't seem to get the rules right.
If, for example, I have a single IP address on the outside attacking a
range of IPs on the inside, it is